I'm very sorry to hear it's continuing, Gozr. I've gone to and even registered at that site and I don't understand why these fanatics would target you, it's not like you're willfully promoting pro-Israel or anti-Muslim views. They just want to tear down and maybe since they can hack your American site it's all that's necessary for them to continue. They're not accomplishing a damn thing but like it matters...right?

BaldieJr

08-04-2004, 08:43 PM

Which version of redhat do you have installed?

<pre class="ip-ubbcode-code-pre">
##############################
I'm not saying you have to visit my site, I'm just saying your a schmuck if you don't.</pre>
http://www.fighterjerks.com

Talk to the owner of www.il2center.com (http://www.il2center.com), maybe he can help you with a better provider that's more secure.


Gbucket

08-05-2004, 02:36 AM

If your website has been hacked contact the company who supplies you with hosting and the police, they will deal with it.

Zayets

08-05-2004, 03:07 AM

It's just a matter of adjustment, but so far nobody cracked my server although there were many attempts. Nevertheless, one day this could happen, but until then...
I am using this (http://www.freebsd.org/) as OS.

Zayets out


PlaneEater

08-05-2004, 03:12 AM

Turn your site into a major gay porn warehouse for a few days. They'll never, ever come back.

tfu_iain1

08-05-2004, 05:01 AM

http://www.grc.com/default.htm

a lot of content on this site, and the guy knows his stuff, although some is quite windoze oriented - read the DDoS attacks section he has... it's quite tricky tracking these people down and stopping them (not physically) but the tools they use can be... also if you're running a website off redhat 9.0, upgrade! in fact, switch to slackware or debian, quite a bit more up to date.

as for the authorities, try calling them as i don't know what the policy in France is, but i know the FBI don't really touch hacking cases unless X amount of money is being lost, because they have too few resources to deal with cases they have to prioritise the big ones.

TgD Thunderbolt56

08-05-2004, 06:30 AM

<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Originally posted by PlaneEater:
Turn your site into a major gay porn warehouse for a few days. They'll never, ever come back.<HR></BLOCKQUOTE>

For the time being, you need to shut that server off. You have two choices:

* Wipe the drives clean, reinstall the OS, and UPDATE IT before putting it into the wild.

* Replace the drive with a new one and UPDATE THE OS before putting it into the wild. Drop the old drive into a new machine, mount it, and start looking for evidence of the hack. Good luck, chances are, the only thing you'll find is a r00tk1t and a copy of an irc client. Computer forensics aren't easy, but oh boy does it pay, so it's worth tinkering with to gain knowledge.

I've got a redhat box (not by choice) and it keeps me awake at night. I hate it.


Zayets

08-05-2004, 06:37 AM

Well, Slack is not bad as well (I'm using it as desktop) but I never tried to use it as a server. I was impressed by the number of failed attacks on a *BSD machine, I guess it was OpenBSD which made me consider it as an alternative. Nowadays I know *BSD is one of the most secure OS's. Heck, even Microsoft runs many of their sites behind two OpenBSD firewalls. How's that for statistics? :D

<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>
For the time being, you need to shut that server off. You have two choices:

* Wipe the drives clean, reinstall the OS, and UPDATE IT before putting it into the wild.

* Replace the drive with a new one and UPDATE THE OS before putting it into the wild. Drop the old drive into a new machine, mount it, and start looking for evidence of the hack. Good luck, chances are, the only thing you'll find is a r00tk1t and a copy of an irc client. Computer forensics aren't easy, but oh boy does it pay, so it's worth tinkering with to gain knowledge.

I've got a redhat box (not by choice) and it keeps me awake at night. I hate it.
<HR></BLOCKQUOTE>

NO NO NO. DON'T MOUNT THE DRIVE, not even in a non production box. (It will change the data, can contain viruses (yes, they exist for linux too) and whatnot.)
instead use dd to make it into cdimages (don't remember exact command now)
md5sum the original partition
dd from the cdz to a wiped out partition and md5sum again so you know the data is accurate
run TCT or something similar.
Wade through the data and chances are you will have traced your attacker.
If you need any help with it, please feel free to email me (check your PTs for email addy)
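The imaging and hash-check steps from the post above, as an added example that is not part of the original thread: the source is hashed, copied with dd into fixed-size pieces, and the rebuilt working copy is accepted only if every piece and the whole image match the recorded md5sums. The function names, file names and the tiny chunk size are assumptions made for the demo, and a constructed file stands in for the unmounted partition.

```shell
#!/bin/sh
# Added example. SRC is the unmounted suspect partition (a device node on a
# real case); the demo at the bottom uses a constructed file instead.

md5_of() { md5sum "$1" | cut -d' ' -f1; }

# split_image SRC OUTDIR BLOCKS: hash SRC, then copy it with dd into
# OUTDIR/chunk.NNN pieces of BLOCKS 512-byte blocks each (CD-sized in practice).
split_image() {
    src=$1; out=$2; blocks=$3; i=0
    mkdir -p "$out" || return 1
    md5_of "$src" > "$out/source.md5" || return 1
    # wc -c is fine for the demo file; for a device use its reported size.
    total=$(( ($(wc -c < "$src") + 511) / 512 ))
    while [ $((i * blocks)) -lt "$total" ]; do
        dd if="$src" of="$(printf '%s/chunk.%03d' "$out" "$i")" bs=512 \
           skip=$((i * blocks)) count="$blocks" 2>/dev/null || return 1
        i=$((i + 1))
    done
    ( cd "$out" && md5sum chunk.* > chunks.md5 )
}

# restore_and_verify OUTDIR DEST: check every chunk against its recorded hash,
# rebuild DEST from the chunks, and compare DEST with the original's hash.
restore_and_verify() {
    out=$1; dest=$2
    ( cd "$out" && md5sum -c chunks.md5 ) >/dev/null 2>&1 || return 1
    cat "$out"/chunk.* > "$dest" || return 1
    [ "$(md5_of "$dest")" = "$(cat "$out/source.md5")" ]
}

# Demo on constructed data: 5000 bytes split into 2048-byte pieces.
demo() {
    work=$(mktemp -d) || return 1
    yes 'constructed sample data' 2>/dev/null | head -c 5000 > "$work/suspect.img"
    split_image "$work/suspect.img" "$work/cd" 4 &&
        restore_and_verify "$work/cd" "$work/working-copy.img" &&
        echo "working copy matches original: $(cat "$work/cd/source.md5")"
    status=$?
    rm -rf "$work"
    return "$status"
}
demo
```

Analysis tools are then pointed at the verified working copy, so the original drive is read once and never written to.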

LeadSpitter_

08-05-2004, 06:33 PM

planeeater can help you set one up. he has archives of photos

heh


Flying_Merkava

08-05-2004, 06:39 PM

The rag head posted a pic of himself, maybe you can contact the fbi and track him, but prolly not. If I were you I'd just get angry and blow up a....ooops...but good luck.

----------------------------

This interview was on Nat'l Public Radio (npr) in mid January.
A female was interviewing Marine Corps General Reinwald
about a Boy Scout visit to his base.
She was told the Boy Scouts were to be taught about guns.
She asked, "But you are equipping them to be violent killers." The General replied,
"Well you're equipped to be a prostitute, but you're not one, are you?"
The radio went silent and the interview ended.

SKIDRO_79FS

08-06-2004, 01:49 AM

The same guy, or someone pretending to be him and posting that e-mail address hacked into the guestbook of a military-related site I was on last week. I am sure that someone is already on his trail by now.

I certainly hope you get everything sorted and fixed soon Gozr!

VICTORY BY VALOR, GENTLEMEN TO THE END

fRitz0r

08-06-2004, 02:29 AM

hmmm, well..what u can do is send a mail to
abuse@(ur ISP.region)

write what the problem is, then they can do a trace to the source, if u get a printout of the trace made by the ISP, u then have a case against the peoples hacking u.

remember, the ISP is there to protect u

TheGozr

08-06-2004, 09:10 AM

yea i'm trying..

His site is this one

http://www.al-mafia.net/

some one should hack it.. ;)

trying to contact or enter in their forum to talk about it but i have no access and no reply from emails..

-GOZR
<HR></BLOCKQUOTE>
Contact the police immediately. It's illegal for someone to do this to your computer/server and it's the police's job to stop this sort of thing happening. Phone the police and demand to be put through to their computer crime section and let them deal with it.

Zayets

08-19-2004, 05:00 AM

90% of the time police can't do too much. Situation gets worse when the attacker comes from a country where computer crime is not an offence, thus not punished. And even so, supposing they can go, they will go for big fishes, the ones cracking corporations and government servers.
My advice is still, install FreeBSD, I am not kidding. But then again, it's up to you.
Good luck.

Contact them and let them know that this individual is attacking your servers. I deal with this everyday on my webhosting business site.

This is their Acceptable use policy. So they can be legally held responsible for any damages etc etc etc

Also Zayets that is untrue, He can Report them to the FBI Computer Crimes Unit and they can and will do something. It is a form of Tism (if you don't know what that is PM me. Do not wish to say it here). They can also contact the FBI and Interpol will get involved had this happen as well to me before.

<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Originally posted by T_O_A_D:
Hey Balrog can you do that on TS too? If you was on the TS server when it happened. We were on Proudbirds last night and some louse decided to fill us all with a load of manure. We muted him then he came back with another name. I ask cause none of us on at the time were admin. If we was we could look at logged ip list.
<HR></BLOCKQUOTE>

Yeah that happened to me a while back on Birds of Prey not sure how they dealt with it? Ip ban I suspect but the software I used requires either an ip number or a url in order to perform the trace.

If you are on the machine hosting team speak there are a couple of dos commands you can use to keep an eye on connections established to your machine. Maybe these incorporated into some kinda batch file could be used to perform lookups. Usually you will find that a person's ip provider has a limited number of ip addresses available to its clients so if you can perform a successful 'who is' query (finger or fork if on unix I think) then you could maybe ban their entire range of ip numbers from teamspeak or provide some kinda access ban in GOZR's case? Anyhoo here are the commands, there may be others but these are the ones I use on occasions.

<pre class="ip-ubbcode-code-pre">
Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

  -a            Displays all connections and listening ports.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -n            Displays addresses and port numbers in numerical form.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be TCP or UDP. If used with the -s option to display
                per-protocol statistics, proto may be TCP, UDP, or IP.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics. By default, statistics are
                shown for TCP, UDP and IP; the -p option may be used to specify
                a subset of the default.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display. Press CTRL+C to stop redisplaying
                statistics. If omitted, netstat will print the current
                configuration information once.
</pre>

or this one

Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).
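One way to turn saved `netstat -n` output into a per-address tally when deciding what to look up or block, as an added example that is not part of the original thread. The function names and the /24 grouping are assumptions for illustration (the real range of a provider comes from a whois lookup), and the sample listing is constructed with documentation addresses.

```shell
#!/bin/sh
# Added example. Reads saved `netstat -n` output on stdin (Windows or Unix
# layout: the last column is the state, the one before it the remote address).

# tally_remote [host|net24]: print "COUNT KEY" for ESTABLISHED TCP connections,
# busiest first. KEY is the remote IP, or its first three octets for net24.
tally_remote() {
    awk -v mode="${1:-host}" '
        { sub(/\r$/, "") }                         # tolerate CRLF from Windows
        toupper($1) ~ /^TCP/ && $NF == "ESTABLISHED" {
            addr = $(NF - 1)
            sub(/:[0-9]+$/, "", addr)              # drop the port
            if (mode == "net24" && addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                sub(/\.[0-9]+$/, ".0/24", addr)
            n[addr]++
        }
        END { for (a in n) print n[a], a }' | sort -k1,1nr -k2,2
}

# Constructed sample in the Windows `netstat -n` layout.
sample_netstat() {
cat <<'EOF'

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:80          198.51.100.7:3021      ESTABLISHED
  TCP    192.0.2.10:80          198.51.100.7:3022      ESTABLISHED
  TCP    192.0.2.10:80          198.51.100.9:4410      ESTABLISHED
  TCP    192.0.2.10:80          203.0.113.5:1188       TIME_WAIT
  TCP    192.0.2.10:3389        203.0.113.20:2765      ESTABLISHED
EOF
}

sample_netstat | tally_remote host
sample_netstat | tally_remote net24
```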

Could he have been hacked too? Someone using him/his site to hide behind?

TheGozr

08-19-2004, 04:44 PM

Got a message back from Global Net

I have sent this to the server owner and was able to access the server as well. It appears that it may be due to some hacks they had on their system. I have deleted them and requested they further check their system for any other compromises.